Adding new primary Exchange server - decommission old

I am currently running Exchange 2010 with a DAG and 4 Exchange servers (this will be changing soon). I have a DAG running on an active and a passive node (one of the other Exchange servers is for my China office and the other is basically doing nothing - it's a VM that will be decommissioned soon). I have a new physical Exchange server that I brought online (as a CAS-Hub) and, of course, mail stopped working because the Exchange forest is trying to use the new server. So I shut that machine down until I was ready to migrate.

What I need to do needs to be done with the least amount of downtime possible. What I'd LIKE to do is be able to bring the new Exchange server up and just keep traffic flowing as is (for the meantime), join the new Exchange server to the DAG and let the databases replicate to that box. Once the replication is complete, I would like to evict the current primary from the DAG, then make the necessary changes in my firewall, and bring the new server online as the primary Exchange server.

I will need to replicate all the send/receive connectors, and I already have the new certificate in place that includes the new server name. I will also have to change autodiscover settings to ensure my Outlook Anywhere clients can point to the new server and the internal URL changes properly, as well as my OWA URL. My questions are:

1. What can I do to bring the new Exchange server online without an email outage?
2. Is joining the new server to the DAG and replicating them the quickest, easiest way to get the databases to the new server without down-time?
3. Did I miss anything above in my checklist for moving to the new server as the primary?
4. When I move to the new server, what is the easiest way to point the Outlook clients to the new box? I will have autodiscover configured to use the new server, but this, I believe, will require manual intervention.

If I need to clarify anything, I'll be happy to. As always, any help would be appreciated. Thanks in advance.

What exactly happened when the server was brought online?
Bringing a new server online should not have had an impact in a correctly configured server, other than perhaps Autodiscover clients getting odd information. Nothing you can do about that until the server is active and you can configure it with the correct URLs and SSL certificates.

Unless the server is in the same physical location as the source server, I don't tend to try and replicate live databases to a new server. The most effective way is to create a new database, add that to the DAG replica, then move the mailboxes into it.

Do you have a CAS array? If not then your biggest problem is going to be the clients.

The email sat in the queues for local delivery. I've come to find that the reason is that the new server was given the Hub Transport server role as well. Only one server can have that at a time, correct? I will be uninstalling that role from that machine today. Once I do that, I should be able to have it on the network as just an existing member of the Exchange forest.

Regarding the databases, the servers are, indeed, in the same physical location and we have a 10GB network. The database replication will not be an issue. I'd like to join the new server to the DAG, then replicate copies to it. Once that's done, then I should be able to configure my CAS array, duplicate the connectors, edit autodiscover URLs, enable Outlook Anywhere on the new server, transfer the mailbox server role to the new server, make my firewall changes, and test my clients. Does this sound correct? Or am I missing something?

"I've come to find that the reason is that the new server was given the Hub Transport server role as well. Only one server can have that at a time, correct?"

That is incorrect.
All servers can have the Hub Transport role. If the emails are sitting in the queues you need to review why. The most common reasons are restrictions on the Receive Connectors, or a firewall/AV product getting in the way.

Do you have an RPC CAS Array now? CAS Arrays are not server specific, they are AD site specific. Without one you will have problems with the clients.

It may be that the 'internal servers' connector is disabled. I'll have to investigate that. I really appreciate the insight, Simon. I've done a ton of new implementations, but never a switch of a primary server in such a shoddy Exchange setup. This is definitely not a 'standard' install of Exchange. Things were very pieced together and I'm slowly unraveling them.

It appears I have several RPC CAS's. Tell me what you think (see attached). The DAL-PROD-EXC01 is the server being replaced. DFWPRDEXC02v is going away, as it is not serving any purpose and the attached databases are no longer used. I could use vDAL-PROD-EXC02, I suppose. Again, please tell me what you think.

Since the server is in the same physical location as the one being replaced, would it be feasible to (as mentioned above) go through joining the new server to the DAG and just replicating the databases over? Once I do that, again, I can just configure the new server to replicate the settings of the old, make the necessary firewall changes, and downtime should be minimal. If you could please just direct me a little further as to your thoughts on the CAS Array. Thanks, Simon.

and see what comes back. If you get back nothing then you don't have any CAS Array.

The problem is not with the databases. Moving databases about is easy and can be done with zero downtime. The problem is with the clients.
The clients connect to the CAS role - and all the time that is still valid, they will not move EVEN if the mailbox has been moved.
The only way to get them to move is to move the mailbox to another server in a different AD site.

When it comes to the CAS server listed in Outlook, that will only change otherwise when the server has gone away - so Exchange has been uninstalled (disabling does not work). Then Autodiscover "should" kick in. I say should because I have never done it. As it is something that you cannot test, no client has been prepared to risk it. If Autodiscover doesn't kick in correctly then you have all of the clients sitting there trying to connect to a server that doesn't exist. You cannot put the server back because it will be different.

A CAS Array can be configured at any time. It does not require a load balancer.
However, clients will not start using the CAS Array unless you repair the Outlook profile.

Therefore I would create the CAS Array immediately, then repair an Outlook profile (go into Accounts, choose the account for Exchange and select Repair). Confirm it works. Then start moving through all users, either doing the repair for them or emailing instructions to them.

Once you have done that, when you introduce a new server, you just move the DNS record for the CAS Array to the new server.
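
The CAS Array steps from the answer above, sketched for the Exchange 2010 Management Shell as an added example that is not part of the original thread. The array FQDN `outlook.example.local`, the array name and the AD site name are assumed placeholders; substitute your own values.

```powershell
# Added example. Run in the Exchange 2010 Management Shell.
# Assumed placeholders (not from the thread): array FQDN, array name, AD site.
$ArrayFqdn = 'outlook.example.local'
$ArrayName = 'CAS Array'
$AdSite    = 'Default-First-Site-Name'

# 1. Check for an existing CAS Array. Nothing returned means none is defined.
$array = Get-ClientAccessArray | Where-Object { $_.Fqdn -eq $ArrayFqdn }
if (-not $array) {
    # The array is an AD-site-level object, not tied to a single server.
    $array = New-ClientAccessArray -Name $ArrayName -Fqdn $ArrayFqdn -Site $AdSite
}
$array | Format-List Name, Fqdn, Site, Members

# 2. The array FQDN needs an internal DNS record pointing at the CAS that
#    should serve clients today. Stop here if it does not resolve yet.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($ArrayFqdn)
    Write-Host "$ArrayFqdn resolves to: $($ips -join ', ')"
}
catch {
    Write-Warning "$ArrayFqdn does not resolve; create the DNS record first."
    return
}

# 3. List databases whose RpcClientAccessServer still names one server
#    instead of the array. New and repaired profiles pick up this value.
$stale = Get-MailboxDatabase |
    Where-Object { $_.RpcClientAccessServer -ne $ArrayFqdn }
$stale | Format-Table Name, Server, RpcClientAccessServer -AutoSize

# 4. Preview the change, then re-run without -WhatIf to apply it.
$stale | Set-MailboxDatabase -RpcClientAccessServer $ArrayFqdn -WhatIf
```

As the answer notes, existing Outlook profiles keep the old server name until they are repaired; after that, introducing a new server only requires repointing the DNS record for the array FQDN.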
